Architecture Decision Records
Architecture Decision Records
Section titled “Architecture Decision Records”Architecture Decision Records (ADRs) document significant technical decisions made during Arbitex development. Each ADR captures the context that led to the decision, the decision itself, and its consequences — both positive and negative.
ADRs are written at the time the decision is implemented, making them authoritative references grounded in shipped code.
Decision Index
Section titled “Decision Index”| ADR | Title | Status | Area |
|---|---|---|---|
| ADR-001 | RS256 over HS256 for M2M Tokens | Accepted | Security / Auth |
| ADR-002 | Fail-Closed DLP Inference | Accepted | DLP / Reliability |
| ADR-003 | Azure Key Vault for Secrets Management | Accepted | Security / Ops |
| ADR-004 | Redis for CSRF State (Not Server Memory) | Accepted | Security / Auth |
| ADR-005 | HMAC-SHA256 for Policy Bundle Signing | Accepted | Security / Outpost |
| ADR-006 | Bloom Filter + k-Anonymity for Credential Scanning | Accepted | DLP / CredInt |
| ADR-007 | mTLS Full Chain Verification | Accepted | Security / Networking |
| ADR-008 | SCIM Per-Org Tokens (Not Global) | Accepted | Security / Multi-tenancy |